November 30, 2020

Volume X, Number 335

Advertisement

Federal Acquisition Security Council Accepting Comments on Interim Final Rule Regarding Information Technology Supply Chain Risk

On November 2, 2020, the comment period for the Federal Acquisition Security Council’s (“FASC”) interim final rule (the “Interim Final Rule”) implementing the Federal Acquisition Supply Chain Security Act of 2018 (the “2018 Act”) will close.

The FASC was established by the 2018 Act. As an executive branch interagency council, FASC is tasked with recommending to other federal agencies orders to exclude or remove from government information systems and future procurements certain “sources” (i.e., non-federal suppliers or potential suppliers of products or services) and “covered articles” (i.e., information technology, including cloud computing services; telecommunications equipment or services; certain processing of information on a Federal or non-federal information system; or hardware, systems, devices, software or services that include embedded or incidental information technology). The FASC’s recommended exclusion and removal orders are intended to reduce supply chain risk – that is, the risk of surveillance, denial, disruption or manipulation of covered technology or information stored or transmitted by covered technology. FASC orders will be reviewed by designated federal officials, who may then issue exclusion and removal orders applicable to federal agencies within their remit, pursuant to procedures provided in the 2018 Act.

The Interim Final Rule, which was issued by the FASC on September 1, 2020, provides for: (i) establishing the membership of the FASC and the role of the FASC’s Information Sharing Agency, (ii) prescribing mandatory and voluntary information sharing criteria for federal agencies (along with associated information protection requirements), and (iii) identifying the criteria and procedures by which the FASC will evaluate relevant supply chain risks and recommend removal and exclusion orders (along with a process for waiver requests).

Formal comments on the Interim Final Rule may be submitted until November 2, 2020.

Copyright © 2020, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume X, Number 300
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement